How different disaster types affect Tiebreaker software detection time
For better disaster recovery planning, the MetroCluster Tiebreaker software takes some time in detecting a disaster. This time spent is the disaster detection time
. The MetroCluster Tiebreaker software detects the site disaster within 30 seconds from the time of occurrence of the disaster and triggers the disaster recovery operation to notify you about the disaster.
The detection time also depends on the type of disaster and might exceed 30 seconds in some scenarios, mostly known as rolling disasters
. The main types of rolling disaster are as follows:
Power loss
Panic
Halt or reboot
Loss of FC switches at the disaster site
Power loss
The Tiebreaker software immediately triggers an alert when the node stops operating. When there is a power loss, all connections and updates, such as intercluster peering, NV interconnect, and MailBox disk, stop. The time taken between the cluster becoming unreachable, the detection of the disaster, and the trigger, including the default silent time of 5 seconds, should not exceed 30 seconds.
Panic
The Tiebreaker software triggers an alert when the NV interconnect connection between the sites is down and the surviving site indicates the AllLinksSevered
status. This only happens after the coredump process is complete. In this scenario, the time taken between the cluster becoming unreachable and the detection of a disaster might be longer or approximately equal to the time taken for the coredump process. In many cases, the detection time is more than 30 seconds.
If a node stops operating but does not generate a file for the coredump process, then the detection time should not be longer than 30 seconds.
Halt or reboot
The Tiebreaker software triggers an alert only when the node is down and the surviving site indicates the AllLinksSevered
status. The time taken between the cluster becoming unreachable and the detection of a disaster might be longer than 30 seconds. In this scenario, the time taken to detect a disaster depends on how long it takes for the nodes at the disaster site to be shut down.
Loss of FC switches at the disaster site (fabric-attached MetroCluster configuration)
The Tiebreaker software triggers an alert when a node stops operating. If FC switches are lost, then the node tries to recover the path to a disk for about 30 seconds. During this time, the node is up and responding on the peering network. When both of the FC switches are down and the path to a disk cannot be recovered, the node produces a MultiDiskFailure error and halts. The time taken between the FC switch failure and the number of times the nodes produced MultiDiskFailure errors is about 30 seconds longer. This additional 30 seconds must be added to the disaster detection time.